CompTIA CySA+ by Computing Technology Industry Association via Infosec Train: Fee, Duration, How to Apply

Quick Facts

particular	details
Medium of instructions English	Mode of learning Self study, Virtual Classroom	Mode of Delivery Video and Text Based	Frequency of Classes Weekends

Course overview

Accredited by CompTIA, an authorised partner, the CompTIA CySA+ training course by Infosec Train is a comprehensive programme for budding cybersecurity analysts. The curriculum aims to impart in-depth knowledge about applying analytics in networks to detect any Cybersecurity threat within an environment. Taught by experienced educators, the training features 40 hours of instructor-led sessions.

The CompTIA CySA+ course syllabus includes core topics such as incident detections, vulnerability management, and security architect information. Upon learning these, you will acquire behavioural analytical skills to detect combat malware and protect systems in your organisation. The training will also make you proficient in covering advanced persistent threats and implementing threat-detection tools.

You can further strengthen your resume with the CompTIA CySA+ certification, which you will receive once you clear the course exam. There are 3 learning modes available, along with a free demo class, so you can test the programme structure before you enrol.

Infosec Train also provides post-completion support to guide you after the training. Recorded sessions are also available for your access.

Also Read:
Computer Security And Networks Certification Courses

Course and certificate fees

certificate availability

Yes

certificate providing authority

CompTIA

Who it is for

Network architect

The CompTIA CySA+ training by Infosec Train is ideal for:

Cybersecurity engineers
Network and security professionals
Information security engineers
Network architects

Eligibility criteria

Educational Qualification

Enrolment for the CompTIA CySA+ programme requires prior knowledge in security and network.

Work Experience

You must also have at least 3-4 years of experience in information security or related domains.

Certificate Qualifying Details

Moreover, the training also comprises a certification exam. You must score 750 (on a 100-900 scale) to clear it and obtain the CompTIA CySA+ certificate.

What you will learn

Knowledge of cyber security Knowledge of cryptography

The CompTIA CySA+ certification syllabus is built to make you adept in:

Using incident detection for defence
Cybersecurity’s intermediate levels
Applying an analytics-based approach and firewalls in an organisation
Performing Data Analysis and interpreting its results to determine risks, threats, vulnerabilities, and security alerts in an organisation
Intermediate-level security skills
Deploying, configuring, and using various threat-detection tools
Vulnerability and threat management
Security architect information and cyber incident response
Defining relations between different policies and framework
Comprehending the procedures and controls

The syllabus

Domain 1: Security Operations

Importance of System and Network Architecture Concepts in Security Operations

Log Ingestion
- Time Synchronization
- Logging Levels
Operating System (OS) Concepts
- Windows Registry
- System Hardening
- File Structure
Configuration File Locations
- System Processes
- Hardware Architecture
Infrastructure Concepts
- Serverless
- Virtualization
- Containerization
Network Architecture
- On-Premises
- Cloud
- Hybrid
- Network Segmentation
- Zero Trust
- Secure Access Secure Edge (SASE)
- Software-Defined Networking (SDN)
Identity and Access Management
- Multi Factor Authentication (MFA)
- Single Sign-On (SSO)
- Federation
- Privileged Access Management (PAM)
- Passwordless
- Cloud Access Security Broker (CASB)
Encryption
- Public Key Infrastructure (PKI)
- Public Key Infrastructure (PKI)
Sensitive Data Protection
- Data Loss Prevention (DLP)
- Personally Identifiable Information(PII)
- Cardholder Data (CHD)

Analyze Indicators of Potentially Malicious Activity

Network-Related
- Bandwidth Consumption
- Beaconing
- Irregular Peer-to-Peer Communication
- Rogue Devices on the Network
- Scans/Sweeps
- Unusual Traffic Spikes
- Activity on Unexpected Ports
Host-Related
- Processor Consumption
- Memory consumption
- Drive Capacity Consumption
- Unauthorized Software
- Malicious Processes
- Unauthorized Changes
- Unauthorized Privileges
- Data Exfiltration
- Abnormal OS Process Behavior
- File System Changes or Anomalies
- Registry Changes or Anomalies
- Unauthorized Scheduled Tasks
Application-Related
- Anomalous Activity
- Introduction of new Accounts
- Unexpected Output
- Unexpected Outbound Communication
- Service Interruption
- Application Logs
Other
- Social Engineering Attacks
- Obfuscated Links

Use Appropriate Tools or Techniques to Determine Malicious Activity

Tools
- Packet Capture
Wireshark
tcpdump
- Log Analysis/Correlation
Security Information and Event Management (SIEM)
Security Orchestration, Automation, and Response (SOAR)
Endpoint Security
- Endpoint Detection and Response (EDR)
Domain Name Service (DNS) and Internet Protocol (IP) Reputation
- WHOIS
- AbuseIPDB
File Analysis
- Strings
- VirusTotal
Sandboxing
- Joe Sandbox
- Cuckoo Sandbox
- Common Techniques
Pattern Recognition
- Command and Control
Interpreting Suspicious Commands
Email Analysis
- Header
- Impersonation
- DomainKeys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)
- Sender Policy Framework (SPF)
- Embedded Links
File Analysis
- Hashing
User Behavior Analysis
- Abnormal Account Activity
- Impossible Travel
Programming Languages/Scripting
- JavaScript Object Notation (JSON)
- Extensible Markup Language (XML)
- Python
- PowerShell
- Shell Script
- Regular Expressions

Compare and Contrast Threat-Intelligence and Threat-Hunting Concepts

Threat Actors
- Advanced Persistent Threat (APT)
- Hacktivists
- Organized Crime
- Nation-State
- Script Kiddie
- Insider Threat
Intentional
Unintentional
- Supply Chain
Tactics, Techniques, and Procedures (TTP)
Confidence Levels
- Timeliness
- Relevancy
- Accuracy
Collection Methods and Sources
- Open Source
- Social Media
- Blogs/Forums
- Government Bulletins
- Computer Emergency Response Team (CERT)
- Basic knowledge of Network+, Security+, or equivalent discipline
- Minimum of 4 years of hands-on experience as an Incident Response Analyst or Security Operations Center (SOC) Analyst or similar domain
- Cybersecurity Incident Response Team (CSIRT)
- Deep/Dark Web
Closed Source
- Paid Feeds
- Information Sharing Organizations
- Internal Sources
Threat Intelligence Sharing
- Incident Response
- Vulnerability Management
- Risk Management
- Security Engineering
- Detection and Monitoring
  - Intentional
  - Unintentional
Threat Hunting
- Indicators of compromise (IoC)
  - Collection
  - Analysis
  - Application
Focus areas
- Configurations/Misconfigurations
- Isolated Networks
- Business-Critical Assets and Processes
Active Defense
Honeypot

Efficiency and Process Improvement in Security Operations

Standardize Processes
- Identification of Tasks Suitable for Automation
Repeatable/do not Require Human Interaction
- Team Coordination to Manage and Facilitate Automation
Streamline Operations
- Automation and Orchestration
  - Security Orchestration, Automation, and Response (SOAR)
Orchestrating Threat Intelligence Data
- Data Enrichment
- Threat Feed Combination
Minimize Human Engagement
Technology and Tool Integration
- Application Programming Interface (API)
- Webhooks
- Plugins
Single Pane of Glass

Domain 2: Vulnerability Management

Implement Vulnerability Scanning Methods and Concepts

Asset Discovery
- Map Scans
- Device Fingerprinting
Special Considerations
- Scheduling
- Operations
- Performance
- Sensitivity Levels
- Segmentation
- Regulatory Requirements
Internal vs. External Scanning
Agent vs. Agentless
Credentialed vs. Non-Credentialed
Passive vs. Active
Static vs. Dynamic
- Reverse Engineering
- Fuzzing
Critical Infrastructure
- Operational Technology (OT)
- Industrial Control Systems (ICS)
- Supervisory Control and Data Acquisition (SCADA)
Security Baseline Scanning
Industry Frameworks
- Payment Card Industry Data Security Standard (PCI DSS)
- Center for Internet Security (CIS) Benchmarks
- Open Web Application Security Project (OWASP)
- International Organization for Standardization (ISO) 27000 Series

Analyze Output from Vulnerability Assessment Tools

Tools
- Network Scanning and Mapping
- Angry IP Scanner
- Maltego
Web Application Scanners
- Burp Suite
- Zed Attack Proxy (ZAP)
- Arachni
- Nikto
Vulnerability Scanners
- Nessus
- OpenVAS
Debuggers
- Immunity Debugger
- GNU Debugger (GDB)
Multipurpose
- Nmap
- Metasploit Framework (MSF)
- Recon-ng
Cloud Infrastructure Assessment Tools
- Scout Suite
- Prowler
- Pacu

Analyze Data to Prioritize Vulnerabilities

Common Vulnerability Scoring System (CVSS) Interpretation
- Attack Vectors
- Attack Complexity
- Privileges Required
- User Interaction
- Scop
- Impact
Confidentiality
Integrity
Availability
Context Awareness
- Internal
- External
- Isolated
Exploitability/Weaponization
Asset Value
Zero-Day

Recommend Controls to Mitigate Attacks and Software Vulnerabilities

Cross-Site Scripting
- Reflected
- Persistent
Overflow Vulnerabilities
- Buffer
- Integer
- Heap
- Stack
Data Poisoning
Broken Access Control
Cryptographic Failures
Injection Flaws
Cross-Site Request Forgery
Directory Traversal
Insecure Design
Security Misconfiguration
End-of-life or Outdated Component
Identification and Authentication Failures
Server-side Request Forgery
Remote Code Execution
Privilege Escalation
Local File Inclusion (LFI)/Remote File Inclusion (RFI)

Concepts Related to Vulnerability Response, Handling, and Management

Compensating Control
Control Types
- Managerial
- Operational
- Technical
- Preventative
- Detective
- Responsive
- Corrective
Patching and Configuration Management
- Testing
- Implementation
- Rollback
- Validation
Maintenance Windows
Exceptions
Risk Management Principles
- Accept
- Transfer
- Avoid
- Mitigate
Policies, Governance, and Service- Level Objectives (SLOs)
Prioritization and Escalation
Attack Surface Management
- Edge Discovery
- Passive Discovery
- Security Controls Testing
- Penetration Testing and Adversary Emulation
- Bug bounty
- Attack Surface Reduction
Secure Coding Best Practices
- Input Validation
- Output Encoding
- Session Management
- Authentication
- Data Protection
- Parameterized Queries
Secure Software Development Life Cycle (SDLC)
Threat Modeling

Domain 3: Incident Response Management

Concepts Related to Attack Methodology Frameworks

Cyber Kill Chain
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and Control (C2)
- Actions and objective
Diamond Model of Intrusion Analysis
- Adversary
- Victim
- Infrastructure
- Capability
MITRE ATT&CK
Open Source Security Testing Methodology Manual (OSSTMM)
OWASP Testing Guide

Perform Incident Response Activities

Detection and Analysis
- IoC
- Evidence Acquisitions
Chain of Custody
Validating Data Integrity
Preservation
Legal hold
- Data and Log Analysis
Containment, Eradication, and Recovery
- Scope
- Impact
- Isolation
- Remediation
- Re-Imaging
- Compensating Controls

Preparation and Post-Incident Activity Phases of the Incident Management Life Cycle

Preparation
- Incident Response Plan
- Tools
- Playbooks
- Tabletop
- Training
- Business Continuity (BC)/ Disaster Recovery (DR)
Post-Incident Activity
- Forensic Analysis
- Root Cause Analysis
- Lessons Learned

Domain 4: Reporting and Communication

Importance of Vulnerability Management Reporting and Communication

Vulnerability Management Reporting
- Vulnerabilities
- Affected Hosts
- Risk Score
- Mitigation
- Recurrence
- Prioritization
Compliance Reports
Action Plans
- Configuration Management
- Patching
- Compensating Controls
- Awareness, Education, and Training
- Changing Business Requirements
Inhibitors to Remediation
- Memorandum of Understanding (MOU)
- Service-Level Agreement (SLA)
- Organizational Governance
- Business Process Interruption
- Degrading Functionality
- Legacy Systems
- Proprietary systems
Metrics and Key Performance Indicators (KPIs)
- Trends
- Top 10 Critical Vulnerabilities and Zero-days
- SLOs
Stakeholder Identification and Communication

Importance of Incident Response Reporting and Communication

Stakeholder Identification and Communication
Incident Declaration and Escalation
Incident Response Reporting
- Executive summary
- Who, What, When, Where, and Why
- Recommendations
- Timeline
- Impact
- Scope
- Evidence
Communications
- Legal
- Public Relations
Customer Communication
Media
- Regulatory reporting
- Law enforcement
Root cause Analysis
Lessons Learned
Metrics and KPIs
- Mean Time to Detect
- Mean Time to Respond
- Mean Time to Remediate
- Alert Volume

Admission details

You can enrol in Infosec Train’s CompTIA CySA+ online course through this link: https://www.infosectrain.com/courses/comptia-cysa-certification-training/.
Go through the programme info and click on ‘Enrol Now’.
Alternatively, you can scroll down and choose a learning option that suits you. Use its ‘Get Started’, ‘Enrol Now’, or ‘Contact Us’ button to proceed.
Fill up the form and submit your request.
After the request is processed, Infosec Train’s officials will contact you for admission.

Filling the form

There’s no such application form-filling needed to participate in the CompTIA CySA+ certification course. You can submit an enrolment request by filling up the pop-up form. In the form, enter the required information like your country of residence, full name, contact number, email address, and a comment/required training. After submitting this, the course authorities will inform you about further steps.

Evaluation process

The CompTIA CySA+ certification exam is a 165-minutes examination, comprising a minimum of 85 questions in Japanese or English. You will need to attempt MCQ and performance-based questions. The exam code for this test is CS0-0002.

How it helps

Infosec Train’s CompTIA CySA+ certification training is an excellent programme if you wish to master the skills to apply analytics and detect cybersecurity threats. The course covers vital concepts and has certified trainers to help you grasp the topics quickly and efficiently.

Besides, if you clear the in-course examination, you will be equipped with the CompTIA CySA+ certificate. You will also receive post-training guidance to pursue cybersecurity roles in top organisations.

Instructors

Mr Bharat Mutha
Instructor
Freelancer

Mr Rishabh Kotiyal
Trainer
Freelancer

FAQs

How can I apply for CompTIA CySA+ demo session?

Visit here the website’s URL, and view the ‘Get a Free Demo Class’ section. Fill up the required details and click on ‘Reserve Your Seat Now.

Is CompTIA CySA+ accredited by Infosec Train?

No. This is a CompTIA-accredited programme.

Who can I contact to inquire about CompTIA CySA+ programme?

You can contact Infosec Train by calling them at 1800-843-7890.

What type of learning delivery does this training include?

The CompTIA CySA+ online course follows a blended learning delivery model.

Can I request a customised training?

Yes. Visit the course portal and scroll down to the ‘Request a Batch’ option.

Articles

Latest Articles

What Is Computer Security - Definition, Types, Courses Updated On 02 Mar, 2022

15 Online Courses on Computer Security to Protect Yourself on the Internet Updated On 11 Sep, 2021

Popular Searches

CompTIA CySA+

Online